<?php
require_once 'inc/config.php';
global $luo_session_name;
if (isset($_GET['act']) && addslashes($_GET['act']) == "login") login();
if (isset($_GET['act']) && addslashes($_GET['act']) == "exits"){exits();}else{header("location:login.php");}
sessionlogin();
function login() {
	global $db;
	    if (isset ( $_GET ["username"] )) {
			$username = $_GET ["username"];
		} else {
			$username = "";
		}
		if (isset ( $_GET ["password"] )) {
			$password = $_GET ["password"];
		} else {
			$password = "";
		}

		if (empty($username)||empty($password)){
			echo "用户名或密码不能为空！";
			exit();
		}
		$user_row = $db->getOneRow(get_sql("select id,rankadmin,username,password from {pre}admin where username='".$username."' and password='".md5($password)."'"));

		if (!empty($user_row )) {
			$_SESSION['username'] = $user_row ['username']; 
			$_SESSION['password'] = $user_row ['password']; 
			$_SESSION['id'] = $user_row['id']; 
			$luo_session_name = $user_row['username'];
			$_SESSION['rankadmin'] = $user_row ['rankadmin'];
			//记住用户名
			setcookie ('username', $username,time()+3600*24*365);
			mysql_query(get_sql("update {pre}admin set loginip='".get_userip()."',logintime='".date ( "Y-m-d H:i:s" )."',logincount=logincount+1 where username='".$username."'"));
			echo "1";
			exit();
		}else{
			echo "用户名或密码不正确！";
			exit();
		}
}
?>